| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ | 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ |
| 6 #define NET_CERT_X509_CERTIFICATE_H_ | 6 #define NET_CERT_X509_CERTIFICATE_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| 11 #include <string> | 11 #include <string> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
| 15 #include "base/macros.h" | 15 #include "base/macros.h" |
| 16 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
| 17 #include "base/strings/string_piece.h" | 17 #include "base/strings/string_piece.h" |
| 18 #include "base/time/time.h" | 18 #include "base/time/time.h" |
| 19 #include "net/base/net_export.h" | 19 #include "net/base/net_export.h" |
| 20 #include "net/cert/cert_type.h" | 20 #include "net/cert/cert_type.h" |
| 21 #include "net/cert/x509_cert_types.h" | 21 #include "net/cert/x509_cert_types.h" |
| 22 #include "net/net_features.h" |
| 22 | 23 |
| 23 #if defined(OS_WIN) | 24 #if BUILDFLAG(USE_BYTE_CERTS) |
| 25 #include "third_party/boringssl/src/include/openssl/base.h" |
| 26 #elif defined(OS_WIN) |
| 24 #include <windows.h> | 27 #include <windows.h> |
| 25 #include "crypto/wincrypt_shim.h" | 28 #include "crypto/wincrypt_shim.h" |
| 26 #elif defined(OS_MACOSX) | 29 #elif defined(OS_MACOSX) |
| 27 #include <CoreFoundation/CFArray.h> | 30 #include <CoreFoundation/CFArray.h> |
| 28 #include <Security/SecBase.h> | 31 #include <Security/SecBase.h> |
| 29 #elif defined(USE_OPENSSL_CERTS) | 32 #elif defined(USE_OPENSSL_CERTS) |
| 30 // Forward declaration; real one in <x509.h> | 33 // Forward declaration; real one in <x509.h> |
| 31 typedef struct x509_st X509; | 34 typedef struct x509_st X509; |
| 32 typedef struct x509_store_st X509_STORE; | 35 typedef struct x509_store_st X509_STORE; |
| 33 #elif defined(USE_NSS_CERTS) | 36 #elif defined(USE_NSS_CERTS) |
| (...skipping 15 matching lines...) Expand all Loading... |
| 49 // X509Certificate represents a X.509 certificate, which is comprised a | 52 // X509Certificate represents a X.509 certificate, which is comprised a |
| 50 // particular identity or end-entity certificate, such as an SSL server | 53 // particular identity or end-entity certificate, such as an SSL server |
| 51 // identity or an SSL client certificate, and zero or more intermediate | 54 // identity or an SSL client certificate, and zero or more intermediate |
| 52 // certificates that may be used to build a path to a root certificate. | 55 // certificates that may be used to build a path to a root certificate. |
| 53 class NET_EXPORT X509Certificate | 56 class NET_EXPORT X509Certificate |
| 54 : public base::RefCountedThreadSafe<X509Certificate> { | 57 : public base::RefCountedThreadSafe<X509Certificate> { |
| 55 public: | 58 public: |
| 56 // An OSCertHandle is a handle to a certificate object in the underlying | 59 // An OSCertHandle is a handle to a certificate object in the underlying |
| 57 // crypto library. We assume that OSCertHandle is a pointer type on all | 60 // crypto library. We assume that OSCertHandle is a pointer type on all |
| 58 // platforms and that NULL represents an invalid OSCertHandle. | 61 // platforms and that NULL represents an invalid OSCertHandle. |
| 59 #if defined(OS_WIN) | 62 #if BUILDFLAG(USE_BYTE_CERTS) |
| 63 // TODO(mattm): Remove OSCertHandle type and clean up the interfaces once all |
| 64 // platforms use the CRYPTO_BUFFER version. |
| 65 typedef CRYPTO_BUFFER* OSCertHandle; |
| 66 #elif defined(OS_WIN) |
| 60 typedef PCCERT_CONTEXT OSCertHandle; | 67 typedef PCCERT_CONTEXT OSCertHandle; |
| 61 #elif defined(OS_MACOSX) | 68 #elif defined(OS_MACOSX) |
| 62 typedef SecCertificateRef OSCertHandle; | 69 typedef SecCertificateRef OSCertHandle; |
| 63 #elif defined(USE_OPENSSL_CERTS) | 70 #elif defined(USE_OPENSSL_CERTS) |
| 64 typedef X509* OSCertHandle; | 71 typedef X509* OSCertHandle; |
| 65 #elif defined(USE_NSS_CERTS) | 72 #elif defined(USE_NSS_CERTS) |
| 66 typedef struct CERTCertificateStr* OSCertHandle; | 73 typedef struct CERTCertificateStr* OSCertHandle; |
| 67 #else | 74 #else |
| 68 // TODO(ericroman): not implemented | 75 // TODO(ericroman): not implemented |
| 69 typedef void* OSCertHandle; | 76 typedef void* OSCertHandle; |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 217 // Returns true if this object and |other| represent the same certificate. | 224 // Returns true if this object and |other| represent the same certificate. |
| 218 bool Equals(const X509Certificate* other) const; | 225 bool Equals(const X509Certificate* other) const; |
| 219 | 226 |
| 220 // Returns intermediate certificates added via AddIntermediateCertificate(). | 227 // Returns intermediate certificates added via AddIntermediateCertificate(). |
| 221 // Ownership follows the "get" rule: it is the caller's responsibility to | 228 // Ownership follows the "get" rule: it is the caller's responsibility to |
| 222 // retain the elements of the result. | 229 // retain the elements of the result. |
| 223 const OSCertHandles& GetIntermediateCertificates() const { | 230 const OSCertHandles& GetIntermediateCertificates() const { |
| 224 return intermediate_ca_certs_; | 231 return intermediate_ca_certs_; |
| 225 } | 232 } |
| 226 | 233 |
| 227 #if defined(OS_MACOSX) | 234 #if defined(OS_IOS) |
| 228 // Returns a new CFMutableArrayRef containing this certificate and its | 235 // Returns a new CFMutableArrayRef containing this certificate and its |
| 229 // intermediate certificates in the form expected by Security.framework | 236 // intermediate certificates in the form expected by Security.framework |
| 230 // and Keychain Services, or NULL on failure. | 237 // and Keychain Services, or NULL on failure. |
| 231 // The first item in the array will be this certificate, followed by its | 238 // The first item in the array will be this certificate, followed by its |
| 232 // intermediates, if any. | 239 // intermediates, if any. |
| 233 CFMutableArrayRef CreateOSCertChainForCert() const; | 240 CFMutableArrayRef CreateOSCertChainForCert() const; |
| 234 #endif | 241 #endif |
| 235 | 242 |
| 236 // Do any of the given issuer names appear in this cert's chain of trust? | 243 // Do any of the given issuer names appear in this cert's chain of trust? |
| 237 // |valid_issuers| is a list of DER-encoded X.509 DistinguishedNames. | 244 // |valid_issuers| is a list of DER-encoded X.509 DistinguishedNames. |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 454 // Untrusted intermediate certificates associated with this certificate | 461 // Untrusted intermediate certificates associated with this certificate |
| 455 // that may be needed for chain building. | 462 // that may be needed for chain building. |
| 456 OSCertHandles intermediate_ca_certs_; | 463 OSCertHandles intermediate_ca_certs_; |
| 457 | 464 |
| 458 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 465 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 459 }; | 466 }; |
| 460 | 467 |
| 461 } // namespace net | 468 } // namespace net |
| 462 | 469 |
| 463 #endif // NET_CERT_X509_CERTIFICATE_H_ | 470 #endif // NET_CERT_X509_CERTIFICATE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2746103003:
Add X509CertificateBytes which uses CRYPTO_BUFFER instead of macOS-native certificate types. (Closed)
